how to have/set up a Dual Gateway?

I'm not sure if the title is the right term for what I'm looking for. I hope this is right.
I'm not experienced, so I need your kind help.

I have an Asus RT-N16 flashed with Shibby's 114.
I'm in Germany and always have my router connected to a British VPN service.
When I'm logged on to the VPN network from the router, I can't access my open ports from the outside world (settings on port forwarding). It doesn't matter if I try my VPN IP or my local internet IP; they just don't work (I guess maybe since all the devices are now somehow isolated and appear to be in the UK).
Though when I try to access the port from a local device (for example using German_ip_when_VPN_is_connected:xxxx) it is accessible, but if I tried it from the internet (used my brother's computer in another country) I wouldn't be able to access it.

When I disconnect from the VPN network, it goes back to normal operation.

The thing is that I have one or two devices which I want to be on the local German IP network (I want to use them for VoIP communication), and for their data not to go through the VPN network.

Is there a way to have a dual gateway and be able to assign devices to ignore the VPN internet connection, connect normally, and be accessible from the forwarded ports?

Thanks for your help. Please tell me if you need more info about my setup which I didn't mention.

Though when I try to access the port from a local device (for example using German_ip_when_VPN_is_connected:xxxx) it is accessible, but if I tried it from the internet (used my brother's computer in another country) I wouldn't be able to access it.

This is normal behaviour called NAT loopback: your router "sees" packets from inside arriving with the IP of your WAN and redirects them itself to the internal LAN. This feature is in fact under continuous discussion because not all services support such redirection. For http/https traffic, everything is fine IMHO.

I think the issue that port forwarding is broken as soon as the VPN is established is a design issue.

Can you just post your firewall rules as soon as you are connected to the VPN, and afterwards with "no VPN connection"?
You can do that in Tools -> Scripts: >>iptables -L<< and click run.
Paste the results here.

You should remove your real IPs there, but would be good to tell us which are your local real IP and Gateway and which the other end of the VPN! As I expected there are significant differences here, making default routing through the tunnel.

I am partly responsible for the first route table host entry in the second example - needed for my half bridge modem mode where ISP gateway when not in the network defined by the IP and netmask.

Adblock primarily works on DNS poisoning, but can have associated iptables rules to pixelserv etc, but I don't see any here.

Any more help or suggestions, guys? Have I missed something, or did I unnoticeably leave a request to give more details unanswered?

vlan2 is the internet, whether connected directly or through a VPN
br0 is the router internal IP network (LAN DHCP zone)
lo I think this is for the adblock
tun11 this is the VPN network pushed by the service provider